Defense in Depth is always good! There are no disadvantages of having a firewall protecting your web server, assuming you are careful when configuring it.
the first possible advantage that i can think of would be that you could only allow connections to management interfaces from the local network (something the perimeter firewall would never see or be able to influence) The general answer is: if you have the resources and manpower to lock that webserver down - DO IT! badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -----Ursprüngliche Nachricht----- Von: Anish Basu [mailto:[EMAIL PROTECTED] Gesendet: Wednesday, June 25, 2003 8:25 AM An: [EMAIL PROTECTED] Betreff: Firewall on server itself I am trying to set up a secure web server which will already be protected by a dedicated harware firewall. The hardware firewall will be configured to protect the web server as well other computers on the network. The web server will be running Red Hat 9.0. Is there any reason to install and configure firewall software such as IPTables on the web server itself? Are there any advantaqes or disadvantages to having two firewalls set up this way? Thanx in advance for any help. ************************************************************* Anish Basu ([EMAIL PROTECTED]) Chair Events and Programming Co-Chair Internet Security USACS, Undergraduate Student Alliance of Computer Scientists http://usacs.rutgers.edu ************************************************************* -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.1 (GNU/Linux) mQGiBD73j5cRBACZL6r2HapGwo05TAkgw3xGvkfWQl19010ucpiMECdJBI9KfgrK /F9qUAcdKeJvJUSNVIDudfs+LKf8chpW3+uhH121m01PrlNKK+PU4BGlkEAMvmMw UJaG1Qq37Vs9uw0Ar2bCzq8XDUdbSuJtv/AucTJW4gv30NIwnHYHSesKuwCglKXi jAkwG0hXxFX33WqsX+OYffEEAJWhaF3VfXVgiz8xaWSNwatd8CKsZlknBnomJpen TVdlsnl+18Nyl2VjRzcRimYJQdEKUQjpUfjrmOP1+OCPA1cvk46KMO2frdvbGRLs PxWrxa60G7bJVpuw1LF1cTNAiFzQT3uaZzOIj+zZvntBPvi6dTgeqqt0G4T5fdhM 398bA/sHktmFOBtYMTFTbNF74HeMv1DfmRHjDygkpOS+ZZrdZUIv0VXSyPjwsVLY zF+J8pzyxDVhD9gtTnlIUxGFW22S+PSvFDXPwB//Vrcux6ogfuAhpRjbrC5K1ED+ sTzMNebZVaDAQvsCFhKlHoYlwMsUnOASDcrlTDPIe7h8rt/BkbQkQW5pc2ggQmFz dSA8YW5pc2hiQGVkZW4ucnV0Z2Vycy5lZHU+iFkEExECABkFAj73j5cECwcDAgMV AgMDFgIBAh4BAheAAAoJEFg2FXGIkwwyXpkAni1mKIaIF8xvQTII6U+5oas1Zhyc AJ99GSjXgiVS7ED/dS+Ti9LPUuP1NLkBDQQ+94+cEAQApxgDaofLmhxouHOX0dPz qitLgWwJUB5hTB1duFSdBGBVwAPSVLzE33UJiwiYr0L/lSJenfwh50FeavqyHSxE M0ttF5/yP+7y1pmWMkxcBkntmKOPMNyC+ptV3TTK9geGcIxZyIx4sm631Pb3PNCf 2p7PrgsLYNJLktP4jERvw/cAAwUD/AkVM2zoMjPkZd7+BGrJeNzuTENq7m7xc1ur v6fLWx+K0eNbfkKoyiLqVTTtSzX8CV2j/nu+Vwnfy/4Qr3KKdd1fg0W088FPPhQO 7ZqVS89lAePLNBHSrhS9Et63A74Qw58W/fS9UMVGvATrdRTqCXv5ru/yGLalqWTU 1yi8zSpViEYEGBECAAYFAj73j5wACgkQWDYVcYiTDDLACwCdHBAHf/UwoB8BsbDk IGoZW0tuD7cAnRi5TN/irq9muS3jENqIJB+rquV0 =od0b -----END PGP PUBLIC KEY BLOCK----- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------